(57) Abstract: A source transmits (10) successive keys encrypted in encryption control messages and information in an encrypted
form that is successively decryptable with the successive keys. A decoder (122) decrypts the information. A secure device (14)
receives the encryption control messages, decrypts the keys from the messages and supplies the keys to the decoder (122). The
secure device (14) maintains a time value. The secure device (14) controls the supply of the keys dependent on the time value, and
increments the time value in response to reception of respective ones of the encryption control messages.

System for providing time dependent conditional access



The invention relates to a system and method of providing conditional access
to a stream of media information, and to a secure device for use in such a system.

It is well known to use encryption to facilitate conditional access to media
information such as video and audio signals. A receiving station is given access to the
information by supplying the decryption key for decrypting the information. Only entitled
subscribers are provided with a key. Keys are conventionally distributed using a smart card
(or more generally a secure device, which is protected against tampering by unauthorized
persons).

A commonly applied key distribution scheme transmits three types of
information: encrypted content, Encryption Control Messages (ECMs) and Encryption
Management Messages (EMMs). The content is encrypted so that different keys are needed
in successive time intervals to decrypt the content. The secure device supplies these keys
under control of the ECMs and EMM's. An ECM is transmitted each time when the key to
decrypt the content has to be changed. The ECM contains the key in encrypted form, so that
the secure device can decrypt the key from the ECM.

However, the secure device will supply the decrypted key only if it is entitled
to do so. The entitlement is determined from entitlement information in the secure device and
records for example, whether the subscriber that holds the secured device may decrypt
information at all, or if so which types of content may be decrypted. The secure device supplies
keys only for those types of information. The entitlement information is updated under
control of the EMM's, which are normally transmitted less frequently than the ECM's.

From European Patent Application No. 635 790 it is known to provide time
dependent conditional access. The secure device of this publication contains a Time Of Day
clock, which counts a time value that represents an absolute time. The secure device
compares a time interval in which a subscriber has been granted access to information with
the time value. Access is allowed only when the time value is in the time interval. Thus,
when access is allowed only during a trial period, it can be prevented that the subscriber
gains access outside the trial period.

For the operation of time dependent conditional access it is important that the
time value of the time of day clock cannot be tampered with. According to European Patent
Application No. 635 790 this is realized by periodically transmitting authenticated time
stamps to the secure device. The secure device checks the authorization of the time stamps
and updates the time value of the time of day clock according to the authorized time stamps.
Between successive updates the clock changes the time values according to a local count of
time. However, to prevent that clock drift compromises the reliability of the clock, the device
prevents its use for granting access when it has not been updated with a time stamp for a
predetermined time interval.
Although this device provides for time dependent conditional access it has
some drawbacks. First of all, the clock has to run continuously, which can be impractical in
secure devices such as smart cards and is moreover sensitive to tamper attempts to change
clock speed. Secondly, this scheme is not resistant to tamper attempts in which the time
stamps are intercepted, stored and supplied to the secure device with a delay.

Amongst others it is an object of the invention to provide for a system and
method of conditional access, which has other protection against tampering with time
dependent conditional access.

More in particular, it is an object of the invention to provide such a system and
method in a system that receives continuous streams of encrypted content and encryption
control messages.

It is another object to provide for such a system and method in which no
continuously running clock is needed.

The invention provides for a system according to Claim 1. According to the
invention, the time value is updated in response to the reception of encryption control
messages. The subscriber is forced to allow these updates if he or she wants to access the
encrypted contents and no special information is needed to make normal clock updates. In
principle, an internal clock oscillator could be used in the secure device to advance the clock
independently between encryption control messages to realize an even more reliable clock.
But the reliability is reduced only slightly if these updates or even the oscillator are omitted,
because the use of encryption control messages from a continuous media stream ensures
regular updates. This leads to a less complex (and costly) structure for the secure device
(which is preferably a smart card, without its own power supply).

The time value could simply be incremented by a fixed amount each time an
encryption control management message is received, if one can rely on the fact that the
encryption control messages are incorporated in the media stream on average with a
predictable frequency. In an embodiment of the system according to the invention, a time-stamp
from the encryption control messages, which serves to check entitlement to use the key
in the message, is also used to update the time value in the secure device. In an embodiment,
the time-value is set to the value of the time-stamp, or a value corresponding to it, provided
the new value is later than the old time value.

In a further embodiment, the difference between timestamps of successive
encryption control messages is determined, and the time value in the secure device is
incremented according to this difference. This is particularly useful if the system allows
viewing content with a time-shift (i.e. to view old content, that has been stored in the system
for some time, say from the afternoon to the evening). By using differences it is still possible
to ensure reliable time values when content is decrypted with a time shift, without having to
access a "live" stream of time stamps as frequently as the encryption control messages arrive.

In another embodiment, time-stamps from less frequent encryption
management messages from a live stream are used to set the absolute value of the time value
in the secure device (i.e. not differentially). For this purpose the secure device may have to
monitor both a live media stream and a time shifted stream to decrypt the time shifted stream,
but this involves little overhead, since from the live stream only encryption management
messages need to be interpreted. Thus, errors in the time stamps of encryption control
messages can be corrected (these errors might be uncorrectable since the secure device
prevents that the time value can be set back by an encryption control message, even if the
time value has been set forward due to an error). Even when the time stamps from the
encryption control messages are not used, such use of time stamps from encryption control
messages helps to increase protection against tampering with the time value, since tampering
would have to involve coordinating a number of streams.

In a further embodiment the user is forced to allow the secure device to copy
time-stamps from the encryption management messages because the secure device is
arranged to allow updates by means of encryption control messages only for a predetermined
number of times after receiving an encryption management message, if no new encryption
management message is received with a later time stamp. This will increase security of the time value
if encryption control messages are used to update the time value in general, but particularly if
decoding of time shifted streams is allowed, because it forces the user to supply a live stream
as well during decryption of the time-shifted stream. Management information from the live
stream will thus be processed by the secure device even if a time-shifted stream is decoded,
allowing updates to entitlements. Separately from this, obligatory use of encryption
management messages from the live stream allows correction of the time value if a time
stamp from an encryption control message has led to an erroneous time value.



These and other objects and advantageous aspects of the system and method
according to the invention will be discussed in more detail using the following figure.
Figure 1 shows a system for providing conditional access.



Figure 1 shows a system for providing conditional access. The system contains
a source 10 of an encrypted media stream, a conditional access apparatus 12 and a storage
device 16 (for example a magnetic or optical disk or a tape recorder). The source 10 has an
output coupled to the conditional access apparatus 12 and the storage device 16. The storage
device 16 has an output coupled to the conditional access apparatus 12.

The conditional access apparatus 12 contains a receiving section 120, a
content decoder 122, a rendering device 18 and a secure device 14 (for example a smart
card). The receiving section 120 receives inputs from the source 10 and the storage device 16
and has an output for encrypted content coupled to the content decoder 122, and outputs for
encryption control messages (ECM's) and encryption management messages (EMM's)
coupled to secure device 14 (although shown separately, the latter outputs may in fact be
combined into a single output). The secure device 14 has an output coupled to a key input of
decoder 122. Decoder 122 has an output for decrypted content coupled to rendering device
18.

Secure device 14 contains a decryption unit 140, a management unit 142 and
time value storage 144. Decryption unit 140 has an input coupled to the output for ECM's of
the receiving section and an output coupled to the key input of decoder 122. Decryption unit
140 also has an output for time stamps coupled to management unit 142. Management unit
142 has an input coupled to the output for EMM's of the receiving section 120. Furthermore
management unit 142 has inputs and outputs coupled to time value storage 144. Separate
inputs are shown for EMM's and ECM's but of course these may be supplied via a single
input and processed separately in the secure device 14.



WO 03/058948 PCT/IB02/05327

In operation, source 10 transmits one or more streams of encrypted media
information (for example video and/or audio information). Each stream contains encrypted
content, encryption control messages (ECM's) and encryption management messages
(EMMs). The bandwidth requirements for these items differ widely: the content may
require a permanent bandwidth of several megabits per second, whereas ECMs may require
less than a kilobit and are transmitted, say, only once every minute. EMM's are transmitted
even less frequently, say, once per hour. The encryption control messages contain keys for
decrypting the encrypted content. These keys themselves are also encrypted. The encryption
control messages preferably also contain time stamps. These time stamps may be encrypted,
but this is not necessary. It suffices that they are authorized, i.e. encoded in such a way that it
can be verified that reasonably only the source could have supplied the time-stamps and that
an ECM is associated with a specific time stamp.

Conditional access apparatus 12 receives at least one of the streams. Receiving
section 120 passes encrypted content from this stream to decoder 122. Receiving section 120
passes ECM's and EMM's from the stream to secured device 14. Secure device 14 decrypts
keys from the ECM's and conditionally supplies them to decoder 122. With the keys, decoder
122 decrypts the content and supplies the decrypted content to rendering device 18, which
contains for example a display screen and/or a loudspeaker and which renders the content so
that the content can be perceived by the user of the system.

Secure device 14 checks whether it is entitled to supply the keys to decoder
122. At least for some of the keys entitlement depends on time. Management unit 142
enforces time dependent entitlement using a time value from time value storage 144 and
optionally using a time stamp from a received ECM. In its simplest form, management unit
142 compares the time value with a range of times for which secure device 14 is enabled.
Thus, for example, keys may be supplied only in periods for which the user has paid. In a
more complicated form entitlement may be related to the time-stamp of the ECM, allowing
the supply of keys for example only if the difference between the time value and the time-stamp
is within a certain range. Thus, for example, one could entitle the user to view only
live content, but not time-shifted (recorded) content, or, on the contrary only to view content
that has been delayed for a certain period. This allows differential subscription fees,
dependent on service level.

Thus, by means of the time values and the time stamps in the entitlement
control messages the system can distinguish between live information received from the
source 10 and time shifted information received from storage device 16.

The time value in time value storage 144 is regularly updated by management
unit 142. According to the invention, this is preferably done each time when an ECM is
received (or each time a predetermined number of ECM's has been received). In a simple
embodiment, the management unit 142 increases the time value by a fixed amount for each
received ECM for which the time value is altered.

In a more advanced embodiment, management unit 142 compares the time
value with the time-stamp of the ECM and sets the time value to a time corresponding to that
time value, provided that the new time value encodes a later time than the stored time value
in time value storage 144.

In yet another embodiment, management unit 142 computes the new time
value that it stores in time value storage 144 by adding an increment to the old time value
from time value storage 144. Management unit 142 computes the increment by additionally
storing information from the time-stamp of a previous ECM for which the time value is
incremented, and determining the difference between the times represented by the time stamps
of the current ECM and this previous ECM. From this difference management unit 142
determines the size of the increment and adds the increment to the old time value to
determine the new time value, provided the increment is positive. The incremented time
value is stored in time value storage 144. Additionally the time stamp of the current ECM is
stored to enable computation of the difference for a future ECM. Thus, it is also possible to
use time-shifted streams to determine the increment.

Preferably, the management unit also uses time-stamps from the EMMs to
update the time value in time value storage 144. The EMMs are distinguished from the
ECM's in that they are transmitted less frequently (because they do not need to supply keys
for the encrypted content) and in that they contain management information, for example to
set the type and times of content for which the secure device 14 is entitled to supply keys. Thus,
the EMM's are essential for controlling the conditions of access, but not directly for
providing access. Preferably, the secure device 14 forces the user to supply EMMs by
disabling the use of the time value in time value storage 144 for the authorization of issuing
of decrypted keys when a number of ECM's has been received in a time-interval without
receiving a new EMM in the same time interval. That is, by disabling the supply of any
keys to decoder 122, if the supply is conditional on the time value. For example, if an EMM
is transmitted every hour and ECM's are transmitted every minute, the time value may be
disabled if more than 60 ECM's have been received without receiving any EMM.

In a further embodiment, management unit 142 uses time stamps from the
EMM's to set the time value in time value storage 144. This setting may be protected so that
the time value may only increase as compared with the latest time value set by a previous
EMM. For this purpose, management unit 142 may store the time-stamp (or information
representing it) of the previous EMM and compare this stored time-stamp with the time
stamp of the new EMM before setting the time value. Thus errors in the time value (caused
for example by erroneous ECM's) can be corrected.
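
The update and gating rules of the embodiments above, modelled in Python as an added example (not code from the patent). Assumptions: time stamps are integers in seconds and already authenticated, the latest ECM stamp is always stored, and the names SecureDevice, on_ecm, on_emm and max_shift are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Page's example: EMMs hourly, ECMs every minute, so at most 60 ECMs per EMM.
MAX_ECMS_WITHOUT_EMM = 60


@dataclass
class SecureDevice:
    """Time logic of management unit 142; stamps are assumed already authenticated."""
    time_value: int = 0                      # time value storage 144 (seconds: assumed unit)
    window: Tuple[int, int] = (0, 0)         # entitled interval [start, end), set by EMM
    max_shift: Optional[int] = None          # None: any delay allowed; 0: live only
    last_ecm_stamp: Optional[int] = None
    last_emm_stamp: Optional[int] = None
    ecms_since_emm: int = 0

    def on_emm(self, stamp: int, window: Tuple[int, int]) -> bool:
        """Set the time value absolutely, but only for an increasing EMM stamp."""
        if self.last_emm_stamp is not None and stamp <= self.last_emm_stamp:
            return False                     # stored or delayed EMM: ignored
        self.last_emm_stamp = stamp
        self.time_value = stamp              # also corrects an erroneous ECM-driven value
        self.window = window
        self.ecms_since_emm = 0
        return True

    def on_ecm(self, stamp: int, key: bytes) -> Optional[bytes]:
        """Advance the time value by the ECM stamp difference, then gate the key."""
        if self.last_ecm_stamp is not None and stamp > self.last_ecm_stamp:
            self.time_value += stamp - self.last_ecm_stamp   # positive increments only
        self.last_ecm_stamp = stamp          # assumption: always remember the latest stamp
        self.ecms_since_emm += 1
        if self.ecms_since_emm > MAX_ECMS_WITHOUT_EMM:
            return None                      # no fresh EMM: time value no longer trusted
        start, end = self.window
        if not start <= self.time_value < end:
            return None                      # outside the paid or trial period
        if self.max_shift is not None and self.time_value - stamp > self.max_shift:
            return None                      # content older than the entitlement allows
        return key


def replay_same_ecm(n: int) -> int:
    """Constructed scenario: one recorded ECM is fed n times; return keys released."""
    dev = SecureDevice()
    dev.on_emm(1000, (1000, 10_000))
    return sum(dev.on_ecm(900, b"k") is not None for _ in range(n))


def trial_expiry() -> int:
    """Constructed scenario: recorded stream (60 s ECM spacing), 10-minute window."""
    dev = SecureDevice()
    dev.on_emm(1000, (1000, 1600))
    return sum(dev.on_ecm(60 * i, b"k") is not None for i in range(30))


if __name__ == "__main__":
    print(replay_same_ecm(100), trial_expiry())
```

In the first scenario the repeated ECM never advances the time value, so only the count of ECMs since the last EMM ends key release; in the second the recorded stream's own stamp differences carry the time value past the end of the window.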

In a further embodiment, conditional access apparatus 12 allows the use of a
stored stream from storage device 16. Of course, the ECM's of this stream will contain time-stamps
that are older than the time value in time value storage, but the entitlement
information in management unit 142 may provide for supplying keys for such "old" streams.
The effect of this is that the EMMs and ECM's of the old stream will be supplied to the
receiving section 120 from storage device 16. According to the invention the receiving
section is arranged to receive a live stream together with the old stream, to extract EMM's
from the live stream and to supply these EMMs to secure device 14. Management unit 142
receives these EMMs and uses time-stamps and management information from these EMM's
to update the entitlements and the time value in time value storage 144. Thus, it is ensured
that the time value is controlled by "live" time-stamps from the EMM, while at the same time
recorded (time-shifted) content is processed. The increments in the time values may be
continued by the ECM's of the recorded stream. Thus no ECM's from the live stream need to
be processed for this purpose.

Although the decryption unit 140, management unit 142 and time value
storage 144 have been shown separately, it will be appreciated that these functions may in
fact be combined to a large extent, for example in a micro-processor, the time value being
stored in a register. Instead of a register any other kind of storage may be used, for example a
location in a memory, or a counter, which updates the time value by means of pulses from a
clock. Management of entitlement and time values may be controlled using a computer
program executed by this micro-processor, but of course dedicated hardware may also be
used to perform the relevant functions.

1. A system for providing time dependent conditional access to information, the
system comprising

- a source sub-system (10) arranged to provide
-successive keys encrypted in encryption control messages and
-the information in an encrypted form that is successively decryptable with the successive

- a decoder (122) for decoding the information, with an input for receiving the keys;

- a secure device (14) arranged for receiving the encryption control messages, decrypting the
keys from the message and supplying the keys to the decoder (122), the secure device (14)
maintaining a time value, the secure device (14) being arranged to control the supply of the
keys dependent on the time value, wherein the secure device (14) is arranged to increment the
time value in response to reception of respective ones of the encryption control messages.

2. A system according to Claim 1, wherein the source sub-system (10) is
arranged to include time-stamps in the encryption control message, the secure device (14)
being arranged to decide whether to supply the keys dependent on a comparison between the
time-stamps and the time value, the secure device (14) being arranged to control a size of the
update according to the time-stamps, with a limitation to increases in the time value.

3. A system according to Claim 2, the secure device (14) being arranged to
determine a difference between the time stamp of a current encryption control message and a
further time stamp of a preceding encryption control message and to increase the time value
with said difference.

4. A system according to Claim 2, wherein the source sub-system (10) is
arranged to transmit encryption management messages at a lower frequency than said
encryption control messages, the encryption management messages comprising time stamps,
the secure device (14) being arranged to set the time value according to the time stamps in
response to receiving the encryption management messages, conditional upon receiving
increasing time stamps.



5. A system according to Claim 4, arranged to process the content and encryption
control messages from a time shifting memory (16), and to substitute encryption management
messages from a live stream for encryption management messages from the time shifting
memory (16).



6. A system according to Claim 1, wherein the source sub-system (10) is
arranged to transmit encryption management messages at a lower frequency than said
encryption control messages, the encryption management messages comprising time stamps,
the secure device (14) being arranged to set the time value according to the time stamps in
response to receiving the encryption management messages, conditional upon receiving
increasing time stamps.

7. A system according to Claim 6, arranged to process the content and encryption
control messages from a time shifting memory (16), and to substitute encryption management
messages from a live stream for encryption management messages from the time shifting
memory.

8. A system according to Claim 6, wherein the secure device (14) is arranged to
disable supplying of the successive keys dependent on the time value when a predetermined
number of the encryption control messages has been received after receiving a first one of the
encryption management messages with a first one of the time stamps without receiving any
subsequent second one of the encryption management messages with a second one of the
time stamps for a time that follows a time of the first one of the time stamps.

9. A method of providing time dependent conditional access to information,
the method comprising

- transmitting successive keys encrypted in encryption control messages and the information
in an encrypted form that is successively decryptable with the successive keys;

- receiving the encryption control messages

- maintaining a time value, incrementing the time value in response to reception of respective
ones of the encryption control messages;

- decrypting the keys from the messages;

- controlling a supply of the keys to a decoder dependent on the time value.

10. A secure device for providing time dependent conditional access to
information, the secure device having

- an input for receiving successive keys encrypted in encryption control messages;
- a decryption unit for decrypting the keys from the messages;

- an output for supplying the keys to a decoder,

- a memory for storing a time value, the secure device being arranged to control the supply of
the keys dependent on the time value, wherein the secure device is arranged to increment the
time value in response to reception of respective ones of the encryption control messages.

11. A computer program product comprising computer instructions for causing a
secure device (14) with an input for receiving the encryption control messages to

- maintain a time value, incrementing the time value in response to reception of respective
ones of the encryption control messages;

- decrypt the keys from the messages;

- control a supply of the keys to a decoder dependent on the time value.